| CAG ID | Consensus Audit Guidelines | NIST-800-53 | CIRT Events 11 mo |
|---|---|---|---|
| 1 | Inventory of authorized and unauthorized hardware | CM-1, CM-2, CM-3, CM-4, CM-5, CM-8, CM-9 | Multiple Tools; <6%; <22% |
| 2 | Inventory of authorized and unauthorized software | CM-1, CM-2, CM-3, CM-5, CM-7, CM-8, CM-9, SA-7 | |
| 3 | Secure configurations for HW and SW, if available | CM-6, CM-7, CP-10, IA-5, SC-7 | Nominal |
| 4 | Secure configurations for network devices such as firewalls and routers | AC-4, CM-6, CM-7, CP-10, IA-5, RA-5, SC-7 | Nominal |
| 5 | Boundary Defense | AC-17, RA-5, SC-7, SI-4 | . —JO/; <7% |
| 6 | Maintenance/Analysis of complete security audit logs | AU-1, AU-2, AU-3, AU-4, AU-6, AU-7, AU-9, AU-11, AU-12, CM-3, CM-5, CM-6, SI-4 | Nominal |
| 7 | Application software security | AC-4, CM-4, CM-7, RA-5, SA-3, SA-4, SA-8, SA-11, SI-3 | Decentralized |
| 8 | Controlled use of Administrative Privileges | AC-6, AC-17, AT-2, AU-2 | Nominal |
| 9 | Controlled access based on need to know | AC-1, AC-2, AC-3, AC-6, AC-13 | <1% |
| 10 | Continuous vulnerability testing and remediation | CA-2, CA-6, CA-7, RA-5, SI-2 | Nominal |
| 11 | Dormant account monitoring and control | AC-2, PS-4, PS-5 | Nominal |
| 12 | Anti-malware defenses | AC-3, AC-4, AC-6, AC-17, AC-19, AC-20, AT-2, AT-3, CM-5, MA-3, MA-4, MA-5, MP-2, MP-4, PE-3, PL-4, PL-4, PS-6, RA-5, SA-7, SA-12, SA-13, SC-3, SC-7, SC-11, SC-20, SC-21, SC-22, SC-23, SC-25, SC-26, SC-27, SC-29, SC-30, SC-31, SI-3, SI-8 | <60% |
| 13 | Limitation and control of ports, protocols and services | AC-4, CM-6, CM-7, SC-7 | Not yet graded |
| 14 | Wireless device control | AC-17 | Nominal |
| 15 | Data leakage protection | AC-2, AC-4, PL-4, SC-7, SC-31, SI-4 | Pending |


